Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656)

Akira ransomware, written in C++, is most prominently (but not exclusively) associated with the ransomware-as-a-service entity Akira. Akira ransomware has been used in attacks across North America, Europe, and Australia, with a focus on critical infrastructure sectors including manufacturing, education, and IT services. Akira ransomware employs hybrid encryption and threading to increase the speed and efficiency of encryption, and uses runtime arguments for tailored attacks. Notable variants include Rust-based Megazord for targeting Windows and Akira _v2 for targeting VMware ESXi servers.(Citation: Kersten Akira 2023)(Citation: CISA Akira Ransomware APR 2024)(Citation: Cisco Akira Ransomware OCT 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |